There have recently been two new vulnerabilities identified in Adobe’s Flash Player product, and the popularity of Flash Player means many users will likely be at risk. Adobe have posted security bulletins regarding the vulnerabilities here: (APSA15-01) (APSB15-02).
APSA15-01 has just been patched by Adobe but currently is limited in its availability. If you have flash player installed and auto update enabled, flash player will update to the latest patched version. There should also be a manual download posted on their website within the week and they are working with Google & Microsoft to update Chrome & Internet Explorer to include the flash player patch.
Adobe have said you can be affected by this vulnerability from clicking on compromised advertisements and false web links in emails or chat software ‘drive-by-downloads’, which could then lead to an attacker gaining remote access to the computer. This highlights the importance of looking out for fraudulent links and not clicking on them, usually hovering the mouse over a link (but not clicking) will display the web address somewhere on the screen for you to review. There are also various tools that might assist you in identifying a link if you think it is genuine but are not sure, such as Web of Trust and Norton’s Safe Web.
APSB15-02 has also been patched and has full availability, it can be automatically updated through the currently installed flash player or via a manual download from the Adobe website , likewise the flash player integrated into the web browsers Chrome and Internet Explorer should automatically be updated.
Overall this also demonstrates the importance of ensuring updates are enabled and set to automatically install where appropriate. This would apply to Windows & Mac, web browsers and other popular software you may have installed such as Adobe Reader, Adobe Flash Player and Java.
If you’re not sure whether you are patched against these vulnerabilities, you can contact our support team for assistance on 01276455455.